<?php

require_once ABSPATH . '/system/sql.php';

if(isset($_POST['username'])){
    $sql_link = MySQL::getInstance();

    $res = $sql_link->prepare('SELECT users.name,users.pass, user_infos.institute, user_infos.speciality,
        user_infos.class FROM users, user_infos WHERE  users.username =:username
         AND users.id = user_infos.user_id');
    $res->bindParam(':username',$_POST['username']);
    $res->execute();
    $data = $res->fetch(PDO::FETCH_ASSOC);

    $_POST['phone_mac'] = strtolower($_POST['phone_mac']);
    $_POST['pc_mac'] = strtolower($_POST['pc_mac']);

    if(empty($data)) {      //新用户
        $res = $sql_link->prepare('INSERT INTO users (username,pass, name,email,registered_time)
         VALUE (:username,:pass,:name,:email,:registered_time)');
        $res->bindParam(':username',$_POST['username']);
        $res->bindParam(':pass',$pass);
        $pass = password_hash($_POST['pass'],PASSWORD_DEFAULT);
        $res->bindParam(':name',$_POST['name']);
        $res->bindParam(':email',$_POST['email']);
        $res->bindParam(':registered_time',$time);
        $time = date("Y-m-d H:i:s",time());
        $res->execute();

        $res = $sql_link->prepare('INSERT INTO user_infos (user_id, sex, institute, speciality,class,phone_mac,pc_mac)
         VALUE (last_insert_id(),:sex,:institute,:speciality,:class,:phone_mac,:pc_mac)');
        $res->bindParam(':sex',$_POST['sex']);
        if($_POST['sex'] != '男' && $_POST['sex'] != '女'){
            $_POST['sex'] = '未知';
        }
        $res->bindParam(':institute',$_POST['institute']);
        $res->bindParam(':speciality',$_POST['speciality']);
        $res->bindParam(':class',$_POST['class']);
        $res->bindParam(':phone_mac',$_POST['phone_mac']);
        $res->bindParam(':pc_mac',$_POST['pc_mac']);
        $res->execute();
        $ret = array(
            'code' => 200,
            'msg' => 'ok',
        );
    }else if($data['pass'] == ''){      //已有用户信息，但未注册

        if($_POST['name'] == $data['name'] && 
        $_POST['institute'] == $data['institute'] &&
        $_POST['speciality'] == $data['speciality'] &&
        $_POST['class'] == $data['class'] ){
            $sql_str = 'UPDATE users, user_infos SET users.pass=:pass,users.email=:email,
            users.registered_time=:registered_time,user_infos.sex = :sex';
            
            if($_POST['phone_mac'] != ''){
                $sql_str = $sql_str.',user_infos.phone_mac =:phone_mac';
            }
            if($_POST['pc_mac'] != ''){
                $sql_str = $sql_str.',user_infos.pc_mac =:pc_mac';
            }

            $sql_str = $sql_str.' WHERE users.username = :username AND users.id = user_infos.user_id';
            
            $res = $sql_link->prepare($sql_str);

            $res->bindParam(':username',$_POST['username']);
            $res->bindParam(':pass',$pass);
            $pass = password_hash($_POST['pass'],PASSWORD_DEFAULT);
            $res->bindParam(':email',$_POST['email']);
            $res->bindParam(':registered_time',$time);
            $time = date("Y-m-d H:i:s",time());
            $res->bindParam(':sex',$_POST['sex']);
            if($_POST['sex'] != '男' && $_POST['sex'] != '女'){
                $_POST['sex'] = '未知';
            }
            if($_POST['phone_mac'] != ''){
                $res->bindParam(':phone_mac',$_POST['phone_mac']);
            }
            if($_POST['pc_mac'] != ''){
                $res->bindParam(':pc_mac',$_POST['pc_mac']);
            }
            
            $res->execute();

            $ret = array(
                'code' => 200,
                'msg' => 'ok',
            );
        }else{
            $ret = array(
                'code' => 403,
                'msg' => '注册信息与已有信息校验未通过',
            );
        }
        
    }else{                              //用户已注册
        $ret = array(
            'code' => 403,
            'msg' => '该用户名已注册',
        );
    }

    echo json_encode($ret);
}else{
    require_once __DIR__.'/403.php';
}